<!-- build time:Tue Dec 17 2019 19:26:48 GMT+0800 (GMT+08:00) --><!doctype html><html class="theme-next mist" lang="zh-Hans"><head><meta name="generator" content="Hexo 3.8.0"><meta name="google-site-verification" content="7Tau9WyVgxnsEY9oYedu9g0U6_8akOX3wiKbaYcrg9A"><meta name="baidu-site-verification" content="EVwLiaxdxX"><link href="/css/xps13.css" rel="stylesheet" type="text/css"><link href="/css/message.css" rel="stylesheet" type="text/css"><script type="text/javascript" src="/js/jquery-1.11.3.min.js"></script><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1"><meta http-equiv="Cache-Control" content="no-transform"><meta http-equiv="Cache-Control" content="no-siteapp"><link href="/lib/font-awesome/css/font-awesome.min.css?v=4.6.2" rel="stylesheet" type="text/css"><link href="/css/main.css?v=5.1.1" rel="stylesheet" type="text/css"><meta name="keywords" content="Spring,Spring Security,"><link rel="alternate" href="/atom.xml" title="MrBird" type="application/atom+xml"><link rel="shortcut icon" type="image/x-icon" href="/favicon.ico?v=5.1.1"><meta name="description" content="虽然Spring Security框架给我们赠送了个登录页面，但这个页面过于简单，Spring Security允许我们自定义登录页。准备工作第一步在maven中加入Spring Security相关依赖（Spring MVC已搭建好）。123456789101112131415&amp;lt;dependency&amp;gt;    &amp;lt;groupId&amp;gt;org.springframework.sec"><meta name="keywords" content="Spring,Spring Security"><meta property="og:type" content="article"><meta property="og:title" content="自定义Spring Security登录页"><meta property="og:url" content="http://mrbird.cc/自定义Spring-Security登录页.html"><meta property="og:site_name" content="MrBird"><meta property="og:description" content="虽然Spring Security框架给我们赠送了个登录页面，但这个页面过于简单，Spring Security允许我们自定义登录页。准备工作第一步在maven中加入Spring Security相关依赖（Spring MVC已搭建好）。123456789101112131415&amp;lt;dependency&amp;gt;    &amp;lt;groupId&amp;gt;org.springframework.sec"><meta property="og:locale" content="zh-Hans"><meta property="og:image" content="http://mrbird.cc/img/30421015-file_1488435913481_11db7.png"><meta property="og:image" content="http://mrbird.cc/img/47298958-file_1487996693373_ac23.png"><meta property="og:image" content="http://mrbird.cc/img/41595291-file_1487996714125_5670.png"><meta property="og:image" content="http://mrbird.cc/img/74906915-file_1487996735917_4f76.png"><meta property="og:image" content="http://mrbird.cc/img/49887609-file_1487996760103_2fc7.png"><meta property="og:image" content="http://mrbird.cc/img/87434140-file_1487996785624_ce45.png"><meta property="og:image" content="http://mrbird.cc/img/98435752-file_1487996804588_a6ef.png"><meta property="og:updated_time" content="2019-10-28T12:14:46.314Z"><meta name="twitter:card" content="summary"><meta name="twitter:title" content="自定义Spring Security登录页"><meta name="twitter:description" content="虽然Spring Security框架给我们赠送了个登录页面，但这个页面过于简单，Spring Security允许我们自定义登录页。准备工作第一步在maven中加入Spring Security相关依赖（Spring MVC已搭建好）。123456789101112131415&amp;lt;dependency&amp;gt;    &amp;lt;groupId&amp;gt;org.springframework.sec"><meta name="twitter:image" content="http://mrbird.cc/img/30421015-file_1488435913481_11db7.png"><script type="text/javascript" id="hexo.configurations">var NexT=window.NexT||{},CONFIG={root:"/",scheme:"Mist",sidebar:{position:"left",display:"always",offset:12,offset_float:0,b2t:!1,scrollpercent:!1},fancybox:!1,motion:!1}</script><title>自定义Spring Security登录页 | MrBird</title></head><body ondragstart="return!1" class="animsition" lang="zh-Hans" style="overflow-x:hidden;padding-right:280px"><script type="text/javascript" src="/js/mo.min.js"></script><style>@media (min-width:768px) and (max-width:991px){body .header-innerr{width:700px!important}}.header-innerr{margin:0 auto;padding:100px 0 70px;width:880px}@media (min-width:1600px){.container .header-innerr{width:1200px}}.header-innerr{position:relative}.header-innerr{padding:20px 0 0}.header-innerr:after,.header-innerr:before{content:" ";display:table}.header-innerr:after{clear:both}@media (max-width:767px){.header-innerr{width:auto;padding:10px;margin-bottom:-20px}}</style><div class="container sidebar-position-left page-post-detail"><div class="headband"></div><header id="header" class="header"><div class="header-inner"><div class="site-brand-wrapper"><div class="site-meta"><link href="https://fonts.font.im/css?family=Merienda" rel="stylesheet"><div class="custom-logo-site-title"><a href="/" class="brand" rel="start"><span class="logo-line-before"><i></i></span> <span class="site-title" style="font-family:Merienda;font-size:1.3rem">MrBird</span> <span class="logo-line-after"><i></i></span></a></div><p class="site-subtitle"></p></div><div class="site-nav-toggle"><button><span class="btn-bar"></span> <span class="btn-bar"></span> <span class="btn-bar"></span></button></div></div><nav class="site-nav"><ul id="menu" class="menu"><li class="menu-item menu-item-home"><a href="/" rel="section">HOME</a></li><li class="menu-item menu-item-archives"><a href="/archives/" rel="section">ARCHIVES</a></li><li class="menu-item menu-item-tags"><a href="/tags/" rel="section">TAGS</a></li><li class="menu-item menu-item-friends"><a href="/friends/" rel="section">FRIENDS</a></li><div class="sidebar-toggle" style="display:none"><div class="sidebar-toggle-line-wrap"><span class="sidebar-toggle-line sidebar-toggle-line-first"></span> <span class="sidebar-toggle-line sidebar-toggle-line-middle"></span> <span class="sidebar-toggle-line sidebar-toggle-line-last"></span></div></div></ul><div class="site-search"><div class="popup search-popup local-search-popup"><div class="local-search-header clearfix"><span class="search-icon"><i class="fa fa-search"></i> </span><span class="popup-btn-close"><i class="fa fa-times-circle"></i></span><div class="local-search-input-wrapper"><input autocomplete="off" placeholder="Search" spellcheck="false" type="text" id="local-search-input"></div></div><div id="local-search-result"></div></div></div></nav></div><div class="header-innerr"><div class="note info" style="margin:0;letter-spacing:.15px">🐤手把手教你搭建<strong>Spring Cloud微服务权限系统</strong>（从零到部署）：<a style="color:#40dab2;font-weight:600" href="https://www.kancloud.cn/mrbird/spring-cloud" target="_blank">https://www.kancloud.cn/mrbird/spring-cloud</a></div></div></header><main id="main" class="main"><div class="main-inner"><div class="content-wrap"><div id="content" class="content"><div id="posts" class="posts-expand"><article class="post post-type-normal" itemscope itemtype="http://schema.org/Article"><link itemprop="mainEntityOfPage" href="http://mrbird.cc/自定义Spring-Security登录页.html"><span hidden itemprop="author" itemscope itemtype="http://schema.org/Person"><meta itemprop="name" content="MrBird"><meta itemprop="description" content=""><meta itemprop="image" content="/images/blogImage.jpg"></span><span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization"><meta itemprop="name" content="MrBird"></span><header class="post-header"><h1 class="post-title" itemprop="name headline">自定义Spring Security登录页</h1><div class="post-meta"><span class="post-time"><span class="post-meta-item-icon"><i class="fa fa-calendar-o"></i> </span><span class="post-meta-item-text">Posted on</span> <time title="创建于" itemprop="dateCreated datePublished" datetime="2017-02-07T18:45:02+08:00">2017-02-07 </time></span><span></span> <span class="post-meta-divider">|</span> <span class="page-pv"><i class="fa fa-laptop"></i>&nbsp;&nbsp;Visit count <span class="busuanzi-value" id="busuanzi_value_page_pv"></span></span></div></header><div class="post-body" itemprop="articleBody"><p>虽然Spring Security框架给我们赠送了个登录页面，但这个页面过于简单，Spring Security允许我们自定义登录页。</p><h2 id="准备工作"><a href="#准备工作" class="headerlink" title="准备工作"></a>准备工作</h2><p>第一步在maven中加入Spring Security相关依赖（Spring MVC已搭建好）。</p><figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">dependency</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">groupId</span>&gt;</span>org.springframework.security<span class="tag">&lt;/<span class="name">groupId</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">artifactId</span>&gt;</span>spring-security-web<span class="tag">&lt;/<span class="name">artifactId</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">version</span>&gt;</span>3.2.0.RELEASE<span class="tag">&lt;/<span class="name">version</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">dependency</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">dependency</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">groupId</span>&gt;</span>org.springframework.security<span class="tag">&lt;/<span class="name">groupId</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">artifactId</span>&gt;</span>spring-security-config<span class="tag">&lt;/<span class="name">artifactId</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">version</span>&gt;</span>3.2.0.RELEASE<span class="tag">&lt;/<span class="name">version</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">dependency</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">dependency</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">groupId</span>&gt;</span>org.springframework.security<span class="tag">&lt;/<span class="name">groupId</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">artifactId</span>&gt;</span>spring-security-taglibs<span class="tag">&lt;/<span class="name">artifactId</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">version</span>&gt;</span>3.2.0.RELEASE<span class="tag">&lt;/<span class="name">version</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">dependency</span>&gt;</span></span><br></pre></td></tr></table></figure><p></p><a id="more"></a><p>为了在项目中使用 Spring Security 控制权限，首先要在web.xml 中配置过滤器，这样我们就可以控制对这个项目的每个请求了。</p><figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">filter</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">filter-name</span>&gt;</span>springSecurityFilterChain<span class="tag">&lt;/<span class="name">filter-name</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">filter-class</span>&gt;</span>org.springframework.web.filter.DelegatingFilterProxy<span class="tag">&lt;/<span class="name">filter-class</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">filter</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">filter-mapping</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">filter-name</span>&gt;</span>springSecurityFilterChain<span class="tag">&lt;/<span class="name">filter-name</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">url-pattern</span>&gt;</span>/*<span class="tag">&lt;/<span class="name">url-pattern</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">filter-mapping</span>&gt;</span></span><br></pre></td></tr></table></figure><p></p><p>applicationContext.xml的配置如下：</p><figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">&lt;?xml version="1.0" encoding="UTF-8"?&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">beans</span> <span class="attr">xmlns</span>=<span class="string">"http://www.springframework.org/schema/beans"</span></span></span><br><span class="line"><span class="tag">    <span class="attr">xmlns:xsi</span>=<span class="string">"http://www.w3.org/2001/XMLSchema-instance"</span></span></span><br><span class="line"><span class="tag">    <span class="attr">xmlns:context</span>=<span class="string">"http://www.springframework.org/schema/context"</span> </span></span><br><span class="line"><span class="tag">    <span class="attr">xmlns:mvc</span>=<span class="string">"http://www.springframework.org/schema/mvc"</span></span></span><br><span class="line"><span class="tag">    <span class="attr">xmlns:p</span>=<span class="string">"http://www.springframework.org/schema/p"</span> </span></span><br><span class="line"><span class="tag">    <span class="attr">xsi:schemaLocation</span>=<span class="string">"</span></span></span><br><span class="line"><span class="tag"><span class="string">        http://www.springframework.org/schema/beans</span></span></span><br><span class="line"><span class="tag"><span class="string">        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd</span></span></span><br><span class="line"><span class="tag"><span class="string">        http://www.springframework.org/schema/context</span></span></span><br><span class="line"><span class="tag"><span class="string">        http://www.springframework.org/schema/context/spring-context-4.3.xsd</span></span></span><br><span class="line"><span class="tag"><span class="string">        http://www.springframework.org/schema/mvc</span></span></span><br><span class="line"><span class="tag"><span class="string">        http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd"</span>&gt;</span></span><br><span class="line">    <span class="comment">&lt;!-- 开启组件扫描 --&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">context:component-scan</span> <span class="attr">base-package</span>=<span class="string">"spring"</span>/&gt;</span></span><br><span class="line">    <span class="comment">&lt;!-- 启用Spring mvc --&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">mvc:annotation-driven</span>/&gt;</span></span><br><span class="line">    <span class="comment">&lt;!-- 配置viewResolver --&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">bean</span> <span class="attr">id</span>=<span class="string">"viewResolver"</span></span></span><br><span class="line"><span class="tag">        <span class="attr">class</span>=<span class="string">"org.springframework.web.servlet.view.InternalResourceViewResolver"</span> </span></span><br><span class="line"><span class="tag">        <span class="attr">p:prefix</span>=<span class="string">"/WEB-INF/views/"</span> </span></span><br><span class="line"><span class="tag">        <span class="attr">p:suffix</span>=<span class="string">".jsp"</span> </span></span><br><span class="line"><span class="tag">        <span class="attr">p:viewClass</span>=<span class="string">"org.springframework.web.servlet.view.JstlView"</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;/<span class="name">bean</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">mvc:resources</span> <span class="attr">location</span>=<span class="string">"/css/"</span> <span class="attr">mapping</span>=<span class="string">"/css/**"</span>/&gt;</span></span><br><span class="line">    <span class="comment">&lt;!-- 引入spring-security.xml --&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">import</span> <span class="attr">resource</span>=<span class="string">"spring-security.xml"</span>/&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">beans</span>&gt;</span></span><br></pre></td></tr></table></figure><p></p><p>在applicationContext.xml中，使用<code>&lt;import/&gt;</code>标签引入了spring-security.xml配置。spring-security.xml先简单配置如下：</p><figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">&lt;?xml version="1.0" encoding="UTF-8"?&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">b:beans</span> <span class="attr">xmlns:b</span>=<span class="string">"http://www.springframework.org/schema/beans"</span></span></span><br><span class="line"><span class="tag">    <span class="attr">xmlns</span>=<span class="string">"http://www.springframework.org/schema/security"</span></span></span><br><span class="line"><span class="tag">    <span class="attr">xmlns:xsi</span>=<span class="string">"http://www.w3.org/2001/XMLSchema-instance"</span></span></span><br><span class="line"><span class="tag">    <span class="attr">xsi:schemaLocation</span>=<span class="string">"http://www.springframework.org/schema/beans </span></span></span><br><span class="line"><span class="tag"><span class="string">        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd</span></span></span><br><span class="line"><span class="tag"><span class="string">        http://www.springframework.org/schema/security </span></span></span><br><span class="line"><span class="tag"><span class="string">        http://www.springframework.org/schema/security/spring-security-3.2.xsd"</span>&gt;</span></span><br><span class="line">    <span class="comment">&lt;!-- 设置免验证路径 --&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">http</span> <span class="attr">pattern</span>=<span class="string">"/**/*.css"</span> <span class="attr">security</span>=<span class="string">"none"</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">http</span> <span class="attr">pattern</span>=<span class="string">"/**/*.jpg"</span> <span class="attr">security</span>=<span class="string">"none"</span>/&gt;</span>  </span><br><span class="line">    <span class="tag">&lt;<span class="name">http</span> <span class="attr">pattern</span>=<span class="string">"/**/*.jpeg"</span> <span class="attr">security</span>=<span class="string">"none"</span>/&gt;</span> </span><br><span class="line">    <span class="tag">&lt;<span class="name">http</span> <span class="attr">pattern</span>=<span class="string">"/checkCode"</span> <span class="attr">security</span>=<span class="string">"none"</span>/&gt;</span> </span><br><span class="line">    <span class="tag">&lt;<span class="name">http</span> <span class="attr">auto-config</span>=<span class="string">"true"</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">intercept-url</span> <span class="attr">pattern</span>=<span class="string">"/login"</span> <span class="attr">access</span>=<span class="string">"IS_AUTHENTICATED_ANONYMOUSLY"</span> /&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">intercept-url</span> <span class="attr">pattern</span>=<span class="string">"/admin"</span> <span class="attr">access</span>=<span class="string">"ROLE_ADMIN"</span>/&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">intercept-url</span> <span class="attr">pattern</span>=<span class="string">"/**"</span> <span class="attr">access</span>=<span class="string">"ROLE_USER"</span>/&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">form-login</span> <span class="attr">login-page</span>=<span class="string">"/login"</span>/&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">custom-filter</span> <span class="attr">ref</span>=<span class="string">"loginfilter"</span> <span class="attr">before</span>=<span class="string">"FORM_LOGIN_FILTER"</span> /&gt;</span> </span><br><span class="line">    <span class="tag">&lt;/<span class="name">http</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">b:bean</span> <span class="attr">id</span>=<span class="string">"loginfilter"</span> </span></span><br><span class="line"><span class="tag">        <span class="attr">class</span>=<span class="string">"spring.security.web.MrbirdUsernamePasswordAuthenticationFilter"</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"filterProcessesUrl"</span> <span class="attr">value</span>=<span class="string">"/j_spring_security_check"</span>/&gt;</span> </span><br><span class="line">        <span class="comment">&lt;!-- 登入页面form mothed 必须是post --&gt;</span> </span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"postOnly"</span> <span class="attr">value</span>=<span class="string">"true"</span>/&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"authenticationManager"</span> <span class="attr">ref</span>=<span class="string">"authenticationManager"</span> /&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"continueChainBeforeSuccessfulAuthentication"</span> <span class="attr">value</span>=<span class="string">"false"</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;/<span class="name">b:bean</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">user-service</span> <span class="attr">id</span>=<span class="string">"user_service"</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">user</span> <span class="attr">name</span>=<span class="string">"admin"</span> <span class="attr">password</span>=<span class="string">"123456"</span> <span class="attr">authorities</span>=<span class="string">"ROLE_USER,ROLE_ADMIN"</span>/&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">user</span> <span class="attr">name</span>=<span class="string">"user"</span> <span class="attr">password</span>=<span class="string">"123456"</span> <span class="attr">authorities</span>=<span class="string">"ROLE_USER"</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;/<span class="name">user-service</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">authentication-manager</span> <span class="attr">alias</span>=<span class="string">"authenticationManager"</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">authentication-provider</span> <span class="attr">user-service-ref</span>=<span class="string">"user_service"</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;/<span class="name">authentication-manager</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">b:beans</span>&gt;</span></span><br></pre></td></tr></table></figure><p></p><p>上述配置中主要干了几件事：</p><p>1.声明在xml 中使用Spring Security 提供的命名空间xmlns=”<a href="http://www.springframework.org/schema/security&quot;。" target="_blank" rel="noopener">http://www.springframework.org/schema/security&quot;。</a></p><p>2.设置一些免验证资源或者路径。</p><p>3.利用<code>intercept-url</code>来判断用户需要具有何种权限才能访问对应的url资源，可以在pattern中指定一个特定的url资源，<code>access</code>指明需要的权限。比如url “/admin” 必须拥有ROLE_ADMIN的用户才能访问。在实际使用中，Spring Security采用的是一种就近原则，就是说当用户访 问的url 资源满足多个intercepter-url 时，系统将使用第一个符合条件的 intercept-url 进行权限控制。</p><p>4.<code>access=&quot;IS_AUTHENTICATED_ANONYMOUSLY&quot;</code>指定匿名用户也可以访问。</p><p>5.<code>&lt;form-login/&gt;</code>标签的login-page=”/login”属性表示登录页面的请求，由控制器去处理。</p><p>6.<code>&lt;custom-filter/&gt;</code>标签引用了一个名为loginfilter的过滤器，用于登录的时候进行验证。</p><p>7.接下来定义了id为loginfilter的bean，其<code>filterProcessesUrl</code>设定了登录页表单提交时的请求；<code>authenticationManager</code>属性指向authenticationManager。该bean对应的类下文再做介绍。</p><p>8.<code>user-service</code>中定义了两个用户，admin 和user，<code>password</code>属性定义其密码，<code>authorities</code>属性为其分配权限。</p><p>9.<code>&lt;authentication-manager/&gt;</code>标签注册了一个认证管理器，并通过 <code>&lt;authentication-provider/&gt;</code>标签的<code>user-service-ref</code>属性将之前定义的用户装配起来。</p><p>除此之外，还可以使用SpEL表达式进行url的拦截。</p><h2 id="启用SpEL"><a href="#启用SpEL" class="headerlink" title="启用SpEL"></a>启用SpEL</h2><p>启用SpEL：</p><figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">http</span> <span class="attr">auto-config</span>=<span class="string">"true"</span> <span class="attr">use-expressions</span>=<span class="string">"true"</span>&gt;</span></span><br><span class="line">    ...</span><br><span class="line"><span class="tag">&lt;/<span class="name">http</span>&gt;</span></span><br></pre></td></tr></table></figure><p></p><p>Spring Security支持的所有SpEL表达式如下：</p><p><table><tr><td>安全表达式</td><td>计算结果</td></tr><tr><td>authentication</td><td>用户的认证对象</td></tr><tr><td>denyAll</td><td>结果始终为false</td></tr><tr><td>hasAnyRole(list of&nbsp;roles)</td><td>如果用户被授予了列表中任意的指定角色，结果为true</td></tr><tr><td>hasRole(role)</td><td>如果用户被授予了指定的角色，结果为true</td></tr><tr><td>hasIpAddress(IP Address)</td><td>如果请求来自指定IP的话，结果为true</td></tr><tr><td>isAnonymous()</td><td>如果当前用户为匿名用户，结果为true</td></tr><tr><td>isAuthenticated()</td><td>如果当前用户进行了认证的话，结果为true</td></tr><tr><td>isFullyAuthenticated()</td><td>如果当前用户进行了完整认证的话（不是通过Remember-me功能进行的认 证），结果为true</td></tr><tr><td>isRememberMe()</td><td>如果当前用户是通过Remember-me自动认证的，结果为true</td></tr><tr><td>permitAll</td><td>结果始终为true</td></tr><tr><td>principal</td><td>用户的principal对象</td></tr></table>使用SpEL改写<intercept-url>的access属性：<figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">http</span> <span class="attr">auto-config</span>=<span class="string">"true"</span> <span class="attr">access-denied-page</span>=<span class="string">"/deny"</span> <span class="attr">use-expressions</span>=<span class="string">"true"</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">intercept-url</span> <span class="attr">pattern</span>=<span class="string">"/login"</span> <span class="attr">access</span>=<span class="string">"permitAll"</span> /&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">intercept-url</span> <span class="attr">pattern</span>=<span class="string">"/admin"</span> <span class="attr">access</span>=<span class="string">"hasRole('ROLE_ADMIN')"</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">intercept-url</span> <span class="attr">pattern</span>=<span class="string">"/**"</span> <span class="attr">access</span>=<span class="string">"hasRole('ROLE_USER')"</span>/&gt;</span></span><br><span class="line">    ...</span><br><span class="line"><span class="tag">&lt;/<span class="name">http</span>&gt;</span></span><br></pre></td></tr></table></figure></intercept-url></p><p>接下来自己编写个登录页。</p><h2 id="自定义登录页"><a href="#自定义登录页" class="headerlink" title="自定义登录页"></a>自定义登录页</h2><p>login.jsp如下：</p><figure class="highlight html"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">%@</span> <span class="attr">page</span> <span class="attr">language</span>=<span class="string">"java"</span> <span class="attr">contentType</span>=<span class="string">"text/html; charset=utf-8"</span> <span class="attr">pageEncoding</span>=<span class="string">"utf-8"</span>%&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">%@</span> <span class="attr">taglib</span> <span class="attr">uri</span>=<span class="string">"http://www.springframework.org/tags"</span> <span class="attr">prefix</span>=<span class="string">"s"</span> %&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">%@</span> <span class="attr">taglib</span> <span class="attr">uri</span>=<span class="string">"http://java.sun.com/jsp/jstl/core"</span> <span class="attr">prefix</span>=<span class="string">"c"</span> %&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">html</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">head</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">meta</span> <span class="attr">http-equiv</span>=<span class="string">"Content-Type"</span> <span class="attr">content</span>=<span class="string">"text/html;charset=UTF-8"</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">title</span>&gt;</span>login page<span class="tag">&lt;/<span class="name">title</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">link</span> <span class="attr">href</span>=<span class="string">"&lt;c:url value='/css/bootstrap.min.css'/&gt;"</span> </span></span><br><span class="line"><span class="tag">        <span class="attr">rel</span>=<span class="string">"stylesheet"</span> <span class="attr">type</span>=<span class="string">"text/css"</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">link</span> <span class="attr">href</span>=<span class="string">"&lt;c:url value='/css/bootstrap-theme.min.css'/&gt;"</span> </span></span><br><span class="line"><span class="tag">        <span class="attr">rel</span>=<span class="string">"stylesheet"</span> <span class="attr">type</span>=<span class="string">"text/css"</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">link</span> <span class="attr">href</span>=<span class="string">"&lt;c:url value='/css/templatemo_style.css'/&gt;"</span> </span></span><br><span class="line"><span class="tag">        <span class="attr">rel</span>=<span class="string">"stylesheet"</span> <span class="attr">type</span>=<span class="string">"text/css"</span>&gt;</span>	</span><br><span class="line"><span class="tag">&lt;/<span class="name">head</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">body</span> <span class="attr">class</span>=<span class="string">"templatemo-bg-gray"</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"container"</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"col-md-12"</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">h1</span> <span class="attr">class</span>=<span class="string">"margin-bottom-15"</span>&gt;</span>Login Page<span class="tag">&lt;/<span class="name">h1</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">form</span> <span class="attr">action</span>=<span class="string">"&lt;s:url value='/j_spring_security_check'/&gt;"</span></span></span><br><span class="line"><span class="tag">            <span class="attr">class</span>=<span class="string">"form-horizontal templatemo-container </span></span></span><br><span class="line"><span class="tag"><span class="string">        templatemo-login-form-1 margin-bottom-30"</span> <span class="attr">role</span>=<span class="string">"form"</span> <span class="attr">method</span>=<span class="string">"post"</span>&gt;</span>				</span><br><span class="line">            <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"form-group"</span>&gt;</span></span><br><span class="line">                <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"col-xs-12"</span>&gt;</span>		            </span><br><span class="line">                    <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"control-wrapper"</span>&gt;</span></span><br><span class="line">                        <span class="tag">&lt;<span class="name">span</span> <span class="attr">class</span>=<span class="string">"form-text"</span>&gt;</span>username<span class="tag">&lt;/<span class="name">span</span>&gt;</span></span><br><span class="line">                        <span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">"text"</span> <span class="attr">class</span>=<span class="string">"form-control"</span> <span class="attr">name</span>=<span class="string">"j_username"</span>/&gt;</span></span><br><span class="line">                    <span class="tag">&lt;/<span class="name">div</span>&gt;</span>		            	            </span><br><span class="line">                <span class="tag">&lt;/<span class="name">div</span>&gt;</span>              </span><br><span class="line">            <span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line">            <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"form-group"</span>&gt;</span></span><br><span class="line">                <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"col-md-12"</span>&gt;</span></span><br><span class="line">                    <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"control-wrapper"</span>&gt;</span></span><br><span class="line">                        <span class="tag">&lt;<span class="name">span</span> <span class="attr">class</span>=<span class="string">"form-text"</span>&gt;</span>password<span class="tag">&lt;/<span class="name">span</span>&gt;</span></span><br><span class="line">                        <span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">"password"</span> <span class="attr">class</span>=<span class="string">"form-control"</span> <span class="attr">name</span>=<span class="string">"j_password"</span>&gt;</span></span><br><span class="line">                    <span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line">                <span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line">            <span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line">            <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"form-group"</span>&gt;</span></span><br><span class="line">                <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"col-md-12"</span>&gt;</span></span><br><span class="line">                    <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"control-wrapper"</span>&gt;</span></span><br><span class="line">                        <span class="tag">&lt;<span class="name">span</span> <span class="attr">class</span>=<span class="string">"form-text"</span>&gt;</span>validateCode<span class="tag">&lt;/<span class="name">span</span>&gt;</span></span><br><span class="line">                        <span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">"password"</span> <span class="attr">class</span>=<span class="string">"form-control"</span> <span class="attr">name</span>=<span class="string">"validateCode"</span>&gt;</span></span><br><span class="line">                    <span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line">                <span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line">            <span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line">            <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"form-group"</span>&gt;</span></span><br><span class="line">                <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"col-md-12"</span>&gt;</span></span><br><span class="line">                    <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"control-wrapper"</span>&gt;</span></span><br><span class="line">                        <span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">"submit"</span> <span class="attr">value</span>=<span class="string">"Log in"</span> <span class="attr">class</span>=<span class="string">"btn btn-info"</span>&gt;</span> </span><br><span class="line">                        <span class="tag">&lt;<span class="name">input</span> <span class="attr">type</span>=<span class="string">"reset"</span> <span class="attr">value</span>=<span class="string">"Reset"</span> <span class="attr">class</span>=<span class="string">"btn btn-info"</span>&gt;</span></span><br><span class="line">                        <span class="tag">&lt;<span class="name">img</span> <span class="attr">id</span>=<span class="string">"checkCodeImg"</span> <span class="attr">title</span>=<span class="string">"验证码不区分大小写"</span> <span class="attr">src</span>=<span class="string">"checkCode"</span></span></span><br><span class="line"><span class="tag">                            <span class="attr">onclick</span>=<span class="string">"changeValidateCode()"</span> <span class="attr">style</span>=<span class="string">"cursor: pointer;"</span>&gt;</span></span><br><span class="line">                        <span class="tag">&lt;<span class="name">a</span> <span class="attr">href</span>=<span class="string">"javascript:;"</span> <span class="attr">onclick</span>=<span class="string">"changeValidateCode()"</span>&gt;</span>看不清？<span class="tag">&lt;/<span class="name">a</span>&gt;</span></span><br><span class="line">                        <span class="tag">&lt;<span class="name">span</span> <span class="attr">class</span>=<span class="string">"form-error"</span>&gt;</span></span><br><span class="line">                            $&#123;sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message&#125;</span><br><span class="line">                        <span class="tag">&lt;/<span class="name">span</span>&gt;</span></span><br><span class="line">                        <span class="tag">&lt;<span class="name">span</span> <span class="attr">class</span>=<span class="string">"form-error"</span>&gt;</span></span><br><span class="line">                            $&#123;SPRING_SECURITY_403_EXCEPTION.message&#125;</span><br><span class="line">                        <span class="tag">&lt;/<span class="name">span</span>&gt;</span></span><br><span class="line">                    <span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line">                <span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line">            <span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;/<span class="name">form</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">body</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">script</span> <span class="attr">type</span>=<span class="string">"text/javascript"</span>&gt;</span><span class="undefined"></span></span><br><span class="line"><span class="javascript">    <span class="function"><span class="keyword">function</span> <span class="title">changeValidateCode</span>(<span class="params"></span>)</span>&#123;</span></span><br><span class="line"><span class="javascript">        <span class="built_in">document</span>.getElementById(<span class="string">"checkCodeImg"</span>).src = <span class="string">"checkCode"</span>+ <span class="string">"?nocache="</span> + <span class="keyword">new</span> <span class="built_in">Date</span>().getTime();</span></span><br><span class="line"><span class="undefined">    &#125;</span></span><br><span class="line"><span class="undefined">  </span><span class="tag">&lt;/<span class="name">script</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">html</span>&gt;</span></span><br></pre></td></tr></table></figure><p></p><p>与Spring Security相关的就几个：</p><p>1.<code>/j_spring_security_check</code>，提交登录信息的URL地址。</p><p>2.<code>j_username</code>，输入登录名的参数名称。</p><p>3.<code>j_password</code>，输入密码的参数名称。</p><p>4.<code>${sessionScope[&#39;SPRING_SECURITY_LAST_EXCEPTION&#39;].message}</code>和<code>${SPRING_SECURITY_403_EXCEPTION.message}</code>用于输出登录失败的异常信息。</p><p>login.jsp页面尾部添加了验证码验证。验证码对应的controller如下：</p><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br><span class="line">71</span><br><span class="line">72</span><br><span class="line">73</span><br><span class="line">74</span><br><span class="line">75</span><br><span class="line">76</span><br><span class="line">77</span><br><span class="line">78</span><br><span class="line">79</span><br><span class="line">80</span><br><span class="line">81</span><br><span class="line">82</span><br><span class="line">83</span><br><span class="line">84</span><br><span class="line">85</span><br><span class="line">86</span><br><span class="line">87</span><br><span class="line">88</span><br><span class="line">89</span><br><span class="line">90</span><br><span class="line">91</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">@Controller</span></span><br><span class="line"><span class="keyword">public</span> <span class="class"><span class="keyword">class</span> <span class="title">CodeController</span> </span>&#123;</span><br><span class="line">    <span class="meta">@RequestMapping</span>(value=<span class="string">"/checkCode"</span>)</span><br><span class="line">    <span class="function"><span class="keyword">public</span> <span class="keyword">void</span> <span class="title">createCheckCode</span><span class="params">(HttpServletRequest request, HttpServletResponse response)</span></span></span><br><span class="line"><span class="function">        <span class="keyword">throws</span> IOException</span>&#123;</span><br><span class="line">        <span class="comment">//设置不缓存图片  </span></span><br><span class="line">        response.setHeader(<span class="string">"Pragma"</span>, <span class="string">"No-cache"</span>);  </span><br><span class="line">        response.setHeader(<span class="string">"Cache-Control"</span>, <span class="string">"No-cache"</span>);  </span><br><span class="line">        response.setDateHeader(<span class="string">"Expires"</span>, <span class="number">0</span>);  </span><br><span class="line">        <span class="comment">//指定生成的响应类型及格式-图片jpg  </span></span><br><span class="line">        response.setContentType(<span class="string">"image/jpeg"</span>); </span><br><span class="line">        <span class="comment">//指定生成验证码的宽度和高度  </span></span><br><span class="line">        <span class="keyword">int</span> width=<span class="number">66</span>,height=<span class="number">30</span>;    </span><br><span class="line">        <span class="comment">//创建BufferedImage对象,其作用相当于一图片</span></span><br><span class="line">        BufferedImage image=<span class="keyword">new</span> BufferedImage(width,height,BufferedImage.TYPE_INT_RGB);</span><br><span class="line">        <span class="comment">//创建Graphics对象,其作用相当于画笔</span></span><br><span class="line">        Graphics g=image.getGraphics();    </span><br><span class="line">        <span class="comment">//创建Grapchics2D对象  </span></span><br><span class="line">        Graphics2D g2d=(Graphics2D)g;       </span><br><span class="line">        Random random=<span class="keyword">new</span> Random(); </span><br><span class="line">        <span class="comment">//定义字体样式  </span></span><br><span class="line">        Font mfont=<span class="keyword">new</span> Font(<span class="string">"楷体"</span>,Font.BOLD,<span class="number">20</span>); </span><br><span class="line">        g.setColor(getRandColor(<span class="number">200</span>,<span class="number">250</span>));  </span><br><span class="line">        <span class="comment">//绘制背景  </span></span><br><span class="line">        g.fillRect(<span class="number">0</span>, <span class="number">0</span>, width, height);    </span><br><span class="line">        <span class="comment">//设置字体  </span></span><br><span class="line">        g.setFont(mfont);                   </span><br><span class="line">        g.setColor(getRandColor(<span class="number">180</span>,<span class="number">200</span>));  </span><br><span class="line">        <span class="comment">//绘制20条颜色和位置全部为随机产生的线条,该线条为2f  </span></span><br><span class="line">        <span class="keyword">for</span>(<span class="keyword">int</span> i=<span class="number">0</span>;i&lt;<span class="number">20</span>;i++)&#123;  </span><br><span class="line">            <span class="keyword">int</span> x=random.nextInt(width-<span class="number">1</span>);  </span><br><span class="line">            <span class="keyword">int</span> y=random.nextInt(height-<span class="number">1</span>);  </span><br><span class="line">            <span class="keyword">int</span> x1=random.nextInt(<span class="number">6</span>)+<span class="number">1</span>;  </span><br><span class="line">            <span class="keyword">int</span> y1=random.nextInt(<span class="number">12</span>)+<span class="number">1</span>;  </span><br><span class="line">            <span class="comment">//定制线条样式  </span></span><br><span class="line">            BasicStroke bs=<span class="keyword">new</span> BasicStroke(<span class="number">2f</span>,BasicStroke.CAP_BUTT,</span><br><span class="line">                BasicStroke.JOIN_BEVEL); </span><br><span class="line">            Line2D line=<span class="keyword">new</span> Line2D.Double(x,y,x+x1,y+y1);  </span><br><span class="line">            g2d.setStroke(bs); </span><br><span class="line">            <span class="comment">//绘制直线  </span></span><br><span class="line">            g2d.draw(line);     </span><br><span class="line">        &#125;  </span><br><span class="line">        String sRand=<span class="string">""</span>;  </span><br><span class="line">        String ctmp=<span class="string">""</span>;</span><br><span class="line">        String[] rBase=&#123;<span class="string">"1"</span>,<span class="string">"2"</span>,<span class="string">"3"</span>,<span class="string">"4"</span>,<span class="string">"5"</span>,<span class="string">"6"</span>,<span class="string">"7"</span>,<span class="string">"8"</span>,<span class="string">"9"</span>,</span><br><span class="line">                        <span class="string">"a"</span>,<span class="string">"b"</span>,<span class="string">"c"</span>,<span class="string">"d"</span>,<span class="string">"e"</span>,<span class="string">"f"</span>,<span class="string">"g"</span>,</span><br><span class="line">                        <span class="string">"h"</span>,<span class="string">"i"</span>,<span class="string">"j"</span>,<span class="string">"k"</span>,    <span class="string">"m"</span>,<span class="string">"n"</span>,</span><br><span class="line">                        <span class="string">"o"</span>,<span class="string">"p"</span>,<span class="string">"q"</span>,    <span class="string">"r"</span>,<span class="string">"s"</span>,<span class="string">"t"</span>,</span><br><span class="line">                        <span class="string">"u"</span>,<span class="string">"v"</span>,<span class="string">"w"</span>,    <span class="string">"x"</span>,<span class="string">"y"</span>,<span class="string">"z"</span>,</span><br><span class="line">                        <span class="string">"A"</span>,<span class="string">"B"</span>,<span class="string">"C"</span>,<span class="string">"D"</span>,<span class="string">"E"</span>,<span class="string">"F"</span>,<span class="string">"G"</span>,</span><br><span class="line">                        <span class="string">"H"</span>,    <span class="string">"J"</span>,<span class="string">"K"</span>,<span class="string">"L"</span>,<span class="string">"M"</span>,<span class="string">"N"</span>,</span><br><span class="line">                        <span class="string">"O"</span>,<span class="string">"P"</span>,<span class="string">"Q"</span>,    <span class="string">"R"</span>,<span class="string">"S"</span>,<span class="string">"T"</span>,</span><br><span class="line">                        <span class="string">"U"</span>,<span class="string">"V"</span>,<span class="string">"W"</span>,    <span class="string">"X"</span>,<span class="string">"Y"</span>,<span class="string">"Z"</span>&#125;;</span><br><span class="line">        <span class="comment">//制定输出的验证码为四位  </span></span><br><span class="line">        <span class="keyword">for</span>(<span class="keyword">int</span> i=<span class="number">0</span>;i&lt;<span class="number">4</span>;i++)&#123;  </span><br><span class="line">            <span class="keyword">int</span> index = random.nextInt(rBase.length-<span class="number">1</span>); </span><br><span class="line">            ctmp = rBase[index];  </span><br><span class="line">            sRand+=ctmp;  </span><br><span class="line">            Color color=<span class="keyword">new</span> Color(<span class="number">20</span>+random.nextInt(<span class="number">110</span>),<span class="number">20</span>+random.nextInt(<span class="number">110</span>),</span><br><span class="line">                random.nextInt(<span class="number">110</span>));  </span><br><span class="line">            g.setColor(color);  </span><br><span class="line">            <span class="comment">/*将文字旋转制定角度*/</span>  </span><br><span class="line">            Graphics2D g2d_word=(Graphics2D)g;  </span><br><span class="line">            AffineTransform trans=<span class="keyword">new</span> AffineTransform();  </span><br><span class="line">            <span class="comment">//trans.rotate((45)*3.14/180,15*i+8,7);  </span></span><br><span class="line">            <span class="comment">/*缩放文字*/</span>  </span><br><span class="line">            <span class="keyword">float</span> scaleSize=random.nextFloat()+<span class="number">0.8f</span>;  </span><br><span class="line">            <span class="keyword">if</span>(scaleSize&gt;<span class="number">1f</span>) scaleSize=<span class="number">1f</span>;  </span><br><span class="line">            trans.scale(scaleSize, scaleSize);  </span><br><span class="line">            g2d_word.setTransform(trans);  </span><br><span class="line">            g.drawString(ctmp, <span class="number">12</span>*i+<span class="number">12</span>, <span class="number">22</span>);  </span><br><span class="line">        &#125;  </span><br><span class="line">        HttpSession session=request.getSession(<span class="keyword">true</span>);  </span><br><span class="line">        session.setAttribute(<span class="string">"validateCode"</span>, sRand); </span><br><span class="line">        <span class="comment">//释放g所占用的系统资源</span></span><br><span class="line">        g.dispose(); </span><br><span class="line">        <span class="comment">//输出图片</span></span><br><span class="line">        ImageIO.write(image,<span class="string">"JPEG"</span>,response.getOutputStream()); </span><br><span class="line">    &#125;</span><br><span class="line">    <span class="comment">/*该方法主要作用是获得随机生成的颜色*/</span>   </span><br><span class="line">    <span class="function"><span class="keyword">public</span> Color <span class="title">getRandColor</span><span class="params">(<span class="keyword">int</span> s,<span class="keyword">int</span> e)</span></span>&#123;  </span><br><span class="line">        Random random=<span class="keyword">new</span> Random ();  </span><br><span class="line">        <span class="keyword">if</span>(s&gt;<span class="number">255</span>) s=<span class="number">255</span>;  </span><br><span class="line">        <span class="keyword">if</span>(e&gt;<span class="number">255</span>) e=<span class="number">255</span>;  </span><br><span class="line">        <span class="keyword">int</span> r,g,b;  </span><br><span class="line">        r=s+random.nextInt(e-s);    </span><br><span class="line">        g=s+random.nextInt(e-s);  </span><br><span class="line">        b=s+random.nextInt(e-s);   </span><br><span class="line">        <span class="keyword">return</span> <span class="keyword">new</span> Color(r,g,b);  </span><br><span class="line">    &#125; </span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure><p></p><p>接下来编写index.jsp，成功登录后跳转到该页面：</p><figure class="highlight html"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">%@</span> <span class="attr">taglib</span> <span class="attr">uri</span>=<span class="string">"http://www.springframework.org/security/tags"</span> <span class="attr">prefix</span>=<span class="string">"sec"</span> %&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">%@</span> <span class="attr">taglib</span> <span class="attr">uri</span>=<span class="string">"http://www.springframework.org/tags"</span> <span class="attr">prefix</span>=<span class="string">"s"</span> %&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">%@</span> <span class="attr">taglib</span> <span class="attr">uri</span>=<span class="string">"http://java.sun.com/jsp/jstl/core"</span> <span class="attr">prefix</span>=<span class="string">"c"</span> %&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">html</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">head</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">meta</span> <span class="attr">http-equiv</span>=<span class="string">"Content-Type"</span> <span class="attr">content</span>=<span class="string">"text/html;charset=UTF-8"</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">title</span>&gt;</span>index page<span class="tag">&lt;/<span class="name">title</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">link</span> <span class="attr">href</span>=<span class="string">"&lt;c:url value='/css/templatemo_style.css'/&gt;"</span> <span class="attr">rel</span>=<span class="string">"stylesheet"</span> </span></span><br><span class="line"><span class="tag">        <span class="attr">type</span>=<span class="string">"text/css"</span>&gt;</span>	</span><br><span class="line"><span class="tag">&lt;/<span class="name">head</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">body</span> <span class="attr">class</span>=<span class="string">"templatemo-bg-gray"</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"index-div"</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">span</span> <span class="attr">class</span>=<span class="string">"index-text"</span>&gt;</span>hello:<span class="tag">&lt;<span class="name">sec:authentication</span> <span class="attr">property</span>=<span class="string">"name"</span>/&gt;</span><span class="tag">&lt;/<span class="name">span</span>&gt;</span><span class="tag">&lt;<span class="name">br</span>/&gt;</span> </span><br><span class="line">        <span class="tag">&lt;<span class="name">hr</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">a</span> <span class="attr">href</span>=<span class="string">"&lt;s:url value='/admin'/&gt;"</span>&gt;</span>admin.jsp<span class="tag">&lt;/<span class="name">a</span>&gt;</span>  </span><br><span class="line">        <span class="tag">&lt;<span class="name">a</span> <span class="attr">href</span>=<span class="string">"j_spring_security_logout"</span>&gt;</span>logout<span class="tag">&lt;/<span class="name">a</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">body</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">html</span>&gt;</span></span><br></pre></td></tr></table></figure><p></p><p>编写admin.jsp用于测试权限控制：</p><figure class="highlight html"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">%@</span> <span class="attr">taglib</span> <span class="attr">uri</span>=<span class="string">"http://java.sun.com/jsp/jstl/core"</span> <span class="attr">prefix</span>=<span class="string">"c"</span> %&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">html</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">head</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">meta</span> <span class="attr">http-equiv</span>=<span class="string">"Content-Type"</span> <span class="attr">content</span>=<span class="string">"text/html;charset=UTF-8"</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">title</span>&gt;</span>admin page<span class="tag">&lt;/<span class="name">title</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">link</span> <span class="attr">href</span>=<span class="string">"&lt;c:url value='/css/templatemo_style.css'/&gt;"</span> <span class="attr">rel</span>=<span class="string">"stylesheet"</span> </span></span><br><span class="line"><span class="tag">        <span class="attr">type</span>=<span class="string">"text/css"</span>&gt;</span>	</span><br><span class="line"><span class="tag">&lt;/<span class="name">head</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">body</span> <span class="attr">class</span>=<span class="string">"templatemo-bg-gray"</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"index-div"</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">span</span> <span class="attr">class</span>=<span class="string">"index-text"</span>&gt;</span>welcome admin!<span class="tag">&lt;/<span class="name">span</span>&gt;</span><span class="tag">&lt;<span class="name">br</span>/&gt;</span> </span><br><span class="line">    <span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">body</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">html</span>&gt;</span></span><br></pre></td></tr></table></figure><p></p><p>页面跳转controller：</p><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">import</span> org.springframework.stereotype.Controller;</span><br><span class="line"><span class="keyword">import</span> org.springframework.web.bind.annotation.RequestMapping;</span><br><span class="line"> </span><br><span class="line"><span class="meta">@Controller</span></span><br><span class="line"><span class="keyword">public</span> <span class="class"><span class="keyword">class</span> <span class="title">LoginController</span> </span>&#123;</span><br><span class="line">    <span class="meta">@RequestMapping</span>(value=<span class="string">"/login"</span>)</span><br><span class="line">    <span class="function"><span class="keyword">public</span> String <span class="title">login</span><span class="params">()</span></span>&#123;</span><br><span class="line">        <span class="keyword">return</span> <span class="string">"login"</span>;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="meta">@RequestMapping</span>(value=<span class="string">"/admin"</span>)</span><br><span class="line">    <span class="function"><span class="keyword">public</span> String <span class="title">admin</span><span class="params">()</span></span>&#123;</span><br><span class="line">        <span class="keyword">return</span> <span class="string">"admin"</span>;</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="meta">@RequestMapping</span>(value=<span class="string">"/index"</span>)</span><br><span class="line">    <span class="function"><span class="keyword">public</span> String <span class="title">index</span><span class="params">()</span></span>&#123;</span><br><span class="line">        <span class="keyword">return</span> <span class="string">"index"</span>;</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure><p></p><h2 id="处理登录"><a href="#处理登录" class="headerlink" title="处理登录"></a>处理登录</h2><p>在spring-security.xml文件中定义的loginfilter过滤器对应的类如下：</p><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br><span class="line">66</span><br><span class="line">67</span><br><span class="line">68</span><br><span class="line">69</span><br><span class="line">70</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">import</span> javax.servlet.http.HttpServletRequest;</span><br><span class="line"><span class="keyword">import</span> javax.servlet.http.HttpServletResponse;</span><br><span class="line"><span class="keyword">import</span> javax.servlet.http.HttpSession;</span><br><span class="line"> </span><br><span class="line"><span class="keyword">import</span> org.springframework.security.authentication.AuthenticationServiceException;</span><br><span class="line"><span class="keyword">import</span> org.springframework.security.authentication.UsernamePasswordAuthenticationToken;</span><br><span class="line"><span class="keyword">import</span> org.springframework.security.core.Authentication;</span><br><span class="line"><span class="keyword">import</span> org.springframework.security.core.AuthenticationException;</span><br><span class="line"><span class="keyword">import</span> org.springframework.security.web.authentication</span><br><span class="line">    .UsernamePasswordAuthenticationFilter;</span><br><span class="line"><span class="keyword">import</span> org.springframework.util.StringUtils;</span><br><span class="line"> </span><br><span class="line"><span class="keyword">public</span> <span class="class"><span class="keyword">class</span> <span class="title">MrbirdUsernamePasswordAuthenticationFilter</span> </span></span><br><span class="line"><span class="class">    <span class="keyword">extends</span> <span class="title">UsernamePasswordAuthenticationFilter</span></span>&#123;</span><br><span class="line">    <span class="keyword">private</span> <span class="keyword">boolean</span> postOnly = <span class="keyword">true</span>;</span><br><span class="line">    <span class="keyword">public</span> <span class="keyword">static</span> <span class="keyword">final</span> String VALIDATE_CODE = <span class="string">"validateCode"</span>;</span><br><span class="line">    <span class="function"><span class="keyword">public</span> Authentication <span class="title">attemptAuthentication</span><span class="params">(HttpServletRequest request,</span></span></span><br><span class="line"><span class="function"><span class="params">        HttpServletResponse response)</span> <span class="keyword">throws</span> AuthenticationException </span>&#123;</span><br><span class="line">        <span class="keyword">if</span> (postOnly &amp;&amp; !request.getMethod().equals(<span class="string">"POST"</span>)) &#123;</span><br><span class="line">            <span class="keyword">throw</span> <span class="keyword">new</span> AuthenticationServiceException(</span><br><span class="line">                <span class="string">"Authentication method not supported: "</span> + request.getMethod());</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="comment">//获取输入的用户名和密码 </span></span><br><span class="line">        String username = obtainUsername(request);</span><br><span class="line">        String password = obtainPassword(request);</span><br><span class="line">        <span class="comment">//校验</span></span><br><span class="line">        <span class="keyword">if</span> (username == <span class="keyword">null</span> || StringUtils.isEmpty(username.trim())) &#123;</span><br><span class="line">            <span class="comment">//校验不通过时抛出相应的异常</span></span><br><span class="line">            <span class="keyword">throw</span> <span class="keyword">new</span> AuthenticationServiceException(</span><br><span class="line">                messages.getMessage(<span class="string">"Auth.usernameIsNull"</span>));</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="keyword">if</span> (password == <span class="keyword">null</span> || StringUtils.isEmpty(password.trim())) &#123;</span><br><span class="line">            <span class="keyword">throw</span> <span class="keyword">new</span> AuthenticationServiceException(</span><br><span class="line">                messages.getMessage(<span class="string">"Auth.passwordIsNull"</span>));</span><br><span class="line">        &#125;</span><br><span class="line">        <span class="comment">//校验验证码</span></span><br><span class="line">        checkValidateCode(request);</span><br><span class="line">        </span><br><span class="line">        username = username.trim();</span><br><span class="line">        UsernamePasswordAuthenticationToken authRequest</span><br><span class="line">            = <span class="keyword">new</span> UsernamePasswordAuthenticationToken(username, password);</span><br><span class="line">        </span><br><span class="line">        setDetails(request, authRequest);</span><br><span class="line">        <span class="comment">//不做用户的验证工作，因为在org.springframework.security.web.access</span></span><br><span class="line">        <span class="comment">//.intercept.FilterSecurityInterceptor中会做验证。不需要重复验证。</span></span><br><span class="line">        <span class="keyword">return</span> <span class="keyword">this</span>.getAuthenticationManager().authenticate(authRequest);</span><br><span class="line">    &#125;</span><br><span class="line">    <span class="function"><span class="keyword">protected</span> <span class="keyword">void</span> <span class="title">checkValidateCode</span><span class="params">(HttpServletRequest request)</span> </span>&#123;   </span><br><span class="line">        HttpSession session = request.getSession();  </span><br><span class="line">        String sessionValidateCode = obtainSessionValidateCode(session);   </span><br><span class="line">        <span class="comment">//让上一次的验证码失效  </span></span><br><span class="line">        session.setAttribute(VALIDATE_CODE, <span class="keyword">null</span>);  </span><br><span class="line">        String validateCodeParameter = obtainValidateCodeParameter(request);    </span><br><span class="line">        <span class="keyword">if</span> (StringUtils.isEmpty(validateCodeParameter)</span><br><span class="line">            || !sessionValidateCode.equalsIgnoreCase(validateCodeParameter)) &#123;    </span><br><span class="line">            <span class="keyword">throw</span> <span class="keyword">new</span> AuthenticationServiceException(<span class="string">"验证码错误！"</span>);    </span><br><span class="line">        &#125;    </span><br><span class="line">    &#125;  </span><br><span class="line">      </span><br><span class="line">    <span class="function"><span class="keyword">private</span> String <span class="title">obtainValidateCodeParameter</span><span class="params">(HttpServletRequest request)</span> </span>&#123;  </span><br><span class="line">        Object obj = request.getParameter(VALIDATE_CODE);  </span><br><span class="line">        <span class="keyword">return</span> <span class="keyword">null</span> == obj ? <span class="string">""</span> : obj.toString().toLowerCase();  </span><br><span class="line">    &#125;  </span><br><span class="line">    </span><br><span class="line">    <span class="function"><span class="keyword">protected</span> String <span class="title">obtainSessionValidateCode</span><span class="params">(HttpSession session)</span> </span>&#123;  </span><br><span class="line">        Object obj = session.getAttribute(VALIDATE_CODE);  </span><br><span class="line">        <span class="keyword">return</span> <span class="keyword">null</span> == obj ? <span class="string">""</span> : obj.toString().toLowerCase();  </span><br><span class="line">    &#125;  </span><br><span class="line">	</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure><p></p><p><code>MrbirdUsernamePasswordAuthenticationFilter</code>继承自<code>UsernamePasswordAuthenticationFilter</code>，主要工作是获取用户在登录界面输入的用户名和密码，并判断是否为空，以及判断验证码的正确性。</p><p><code>UsernamePasswordAuthenticationToken</code> 中有2个参数<code>Object principal</code>（主要的身份认证信息），<code>Object credentials</code>（用于证明principal是正确的信息，比如密码）在一个带有username和password的权限认证请求中，principal就会被赋值username，credentials就会被赋值password。</p><p>我们还可以在Spring Security.xml中的loginfilter bean配置登录成功与失败的过滤器：</p><figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">b:bean</span> <span class="attr">id</span>=<span class="string">"loginfilter"</span> </span></span><br><span class="line"><span class="tag">    <span class="attr">class</span>=<span class="string">"spring.security.web.MrbirdUsernamePasswordAuthenticationFilter"</span>&gt;</span></span><br><span class="line">    ...</span><br><span class="line">    <span class="comment">&lt;!-- 验证成功后的处理--&gt;</span>  </span><br><span class="line">    <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"authenticationSuccessHandler"</span> <span class="attr">ref</span>=<span class="string">"authenticationSuccessHandler"</span>/&gt;</span> </span><br><span class="line">    <span class="comment">&lt;!-- 验证失败后的处理--&gt;</span>  </span><br><span class="line">    <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"authenticationFailureHandler"</span> <span class="attr">ref</span>=<span class="string">"authenticationFailureHandler"</span>/&gt;</span> </span><br><span class="line">    ...</span><br><span class="line"><span class="tag">&lt;/<span class="name">b:bean</span>&gt;</span></span><br><span class="line"><span class="comment">&lt;!-- 登入信息验证失败后，退回到登入页面 --&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">b:bean</span> <span class="attr">id</span>=<span class="string">"authenticationFailureHandler"</span>  </span></span><br><span class="line"><span class="tag">    <span class="attr">class</span>=<span class="string">"org.springframework.security.web.authentication</span></span></span><br><span class="line"><span class="tag"><span class="string">                .SimpleUrlAuthenticationFailureHandler"</span>&gt;</span>  </span><br><span class="line">    <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"defaultFailureUrl"</span> <span class="attr">value</span>=<span class="string">"/login?error=true"</span>/&gt;</span>  </span><br><span class="line"><span class="tag">&lt;/<span class="name">b:bean</span>&gt;</span> </span><br><span class="line"><span class="comment">&lt;!-- 登入信息验证成功后，登入系统主页 --&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">b:bean</span> <span class="attr">id</span>=<span class="string">"authenticationSuccessHandler"</span></span></span><br><span class="line"><span class="tag">    <span class="attr">class</span>=<span class="string">"spring.security.web.MrbirdLoginSuccessHandler"</span>&gt;</span>         </span><br><span class="line">    <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"defaultTargetUrl"</span> <span class="attr">value</span>=<span class="string">"/index"</span>/&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">b:bean</span>&gt;</span></span><br></pre></td></tr></table></figure><p></p><p>其中，<code>MrbirdLoginSuccessHandler</code>用于处理登录成功后的操作，比如生成日志等：</p><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">import</span> java.io.IOException;</span><br><span class="line"><span class="keyword">import</span> javax.servlet.ServletException;</span><br><span class="line"><span class="keyword">import</span> javax.servlet.http.HttpServletRequest;</span><br><span class="line"><span class="keyword">import</span> javax.servlet.http.HttpServletResponse;</span><br><span class="line"> </span><br><span class="line"><span class="keyword">import</span> org.springframework.security.core.Authentication;</span><br><span class="line"><span class="keyword">import</span> org.springframework.security.core.userdetails.User;</span><br><span class="line"><span class="keyword">import</span> org.springframework.security.web.authentication</span><br><span class="line">        .SavedRequestAwareAuthenticationSuccessHandler;</span><br><span class="line"> </span><br><span class="line"><span class="keyword">public</span> <span class="class"><span class="keyword">class</span> <span class="title">MrbirdLoginSuccessHandler</span> </span></span><br><span class="line"><span class="class">    <span class="keyword">extends</span> <span class="title">SavedRequestAwareAuthenticationSuccessHandler</span> </span>&#123;</span><br><span class="line">        <span class="function"><span class="keyword">public</span> <span class="keyword">void</span> <span class="title">onAuthenticationSuccess</span><span class="params">(HttpServletRequest request, </span></span></span><br><span class="line"><span class="function"><span class="params">            HttpServletResponse response,Authentication authentication)</span> </span></span><br><span class="line"><span class="function">            <span class="keyword">throws</span> ServletException, IOException</span>&#123;</span><br><span class="line">        System.out.println(<span class="string">"登录成功！"</span>);</span><br><span class="line">        <span class="comment">//获取登录人信息</span></span><br><span class="line">        User user = (User) authentication.getPrincipal();</span><br><span class="line">        System.out.println(user.getUsername()+user.getAuthorities());</span><br><span class="line">        <span class="comment">//跳转到主页面</span></span><br><span class="line">        <span class="keyword">super</span>.onAuthenticationSuccess(request, response, authentication);</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure><p></p><h2 id="处理登出"><a href="#处理登出" class="headerlink" title="处理登出"></a>处理登出</h2><p>同样，我们可以添加登出过滤器，在Spring Security.xml中的<http auto-config="true">中配置登出过滤器：<figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">http</span> <span class="attr">auto-config</span>=<span class="string">"true"</span>&gt;</span></span><br><span class="line">    ...</span><br><span class="line">    <span class="tag">&lt;<span class="name">logout</span> <span class="attr">invalidate-session</span>=<span class="string">"true"</span>  <span class="attr">logout-url</span>=<span class="string">"/j_spring_security_logout"</span></span></span><br><span class="line"><span class="tag">        <span class="attr">success-handler-ref</span>=<span class="string">"logoutSuccessHandler"</span>/&gt;</span> </span><br><span class="line"><span class="tag">&lt;/<span class="name">http</span>&gt;</span></span><br><span class="line"> <span class="comment">&lt;!-- 登出成功，处理类 --&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">b:bean</span> <span class="attr">id</span>=<span class="string">"logoutSuccessHandler"</span>   </span></span><br><span class="line"><span class="tag">    <span class="attr">class</span>=<span class="string">"spring.security.web.MrbirdLogoutSuccessHandler"</span>&gt;</span>         </span><br><span class="line">    <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"defaultTargetUrl"</span> <span class="attr">value</span>=<span class="string">"/login"</span>/&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">b:bean</span>&gt;</span></span><br></pre></td></tr></table></figure></http></p><p><code>logoutSuccessHandler</code>对应的类<code>MrbirdLogoutSuccessHandler</code>：</p><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">import</span> java.io.IOException;</span><br><span class="line"><span class="keyword">import</span> javax.servlet.ServletException;</span><br><span class="line"><span class="keyword">import</span> javax.servlet.http.HttpServletRequest;</span><br><span class="line"><span class="keyword">import</span> javax.servlet.http.HttpServletResponse;</span><br><span class="line"> </span><br><span class="line"><span class="keyword">import</span> org.springframework.security.core.Authentication;</span><br><span class="line"><span class="keyword">import</span> org.springframework.security.core.userdetails.User;</span><br><span class="line"><span class="keyword">import</span> org.springframework.security.web.authentication</span><br><span class="line">    .AbstractAuthenticationTargetUrlRequestHandler;</span><br><span class="line"><span class="keyword">import</span> org.springframework.security.web.authentication.logout</span><br><span class="line">    .LogoutSuccessHandler;</span><br><span class="line"> </span><br><span class="line"><span class="keyword">public</span> <span class="class"><span class="keyword">class</span> <span class="title">MrbirdLogoutSuccessHandler</span> </span></span><br><span class="line"><span class="class">    <span class="keyword">extends</span> <span class="title">AbstractAuthenticationTargetUrlRequestHandler</span> </span></span><br><span class="line"><span class="class">    <span class="keyword">implements</span> <span class="title">LogoutSuccessHandler</span></span>&#123;</span><br><span class="line">    <span class="function"><span class="keyword">public</span> <span class="keyword">void</span> <span class="title">onLogoutSuccess</span><span class="params">(HttpServletRequest request,</span></span></span><br><span class="line"><span class="function"><span class="params">        HttpServletResponse response, Authentication authentication)</span></span></span><br><span class="line"><span class="function">        <span class="keyword">throws</span> IOException, ServletException </span>&#123;</span><br><span class="line">        System.out.println(<span class="string">"登出成功！"</span>);</span><br><span class="line">        User user = (User) authentication.getPrincipal();</span><br><span class="line">        System.out.println(user.getUsername()+user.getAuthorities());</span><br><span class="line">        <span class="comment">//跳转到登录页</span></span><br><span class="line">        <span class="keyword">super</span>.handle(request, response, authentication);</span><br><span class="line">    &#125;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure><p></p><h2 id="异常信息本地化"><a href="#异常信息本地化" class="headerlink" title="异常信息本地化"></a>异常信息本地化</h2><p>Spring Security自带的异常信息显示是纯英文的，但Spring Security支持异常信息本地化，这些信息包括认证失败、访问被拒绝等。</p><p>在Spring Security.xml中配置：</p><figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">b:bean</span> <span class="attr">id</span>=<span class="string">"loginfilter"</span> </span></span><br><span class="line"><span class="tag">    <span class="attr">class</span>=<span class="string">"spring.security.web.MrbirdUsernamePasswordAuthenticationFilter"</span>&gt;</span></span><br><span class="line">    ...</span><br><span class="line">    <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"messageSource"</span> <span class="attr">ref</span>=<span class="string">"messageSource"</span>/&gt;</span> </span><br><span class="line"><span class="tag">&lt;/<span class="name">b:bean</span>&gt;</span></span><br><span class="line"><span class="comment">&lt;!-- 定义登录页面异常信息的本地化 --&gt;</span>  </span><br><span class="line"><span class="tag">&lt;<span class="name">b:bean</span> <span class="attr">id</span>=<span class="string">"messageSource"</span>  </span></span><br><span class="line"><span class="tag">    <span class="attr">class</span>=<span class="string">"org.springframework.context.support.ReloadableResourceBundleMessageSource"</span>&gt;</span>  </span><br><span class="line">    <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"basename"</span> <span class="attr">value</span>=<span class="string">"classpath:messages_zh_CN"</span>/&gt;</span> </span><br><span class="line"><span class="tag">&lt;/<span class="name">b:bean</span>&gt;</span></span><br></pre></td></tr></table></figure><p></p><p>其中，messages_zh_CN.properties配置如下：</p><figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">AbstractUserDetailsAuthenticationProvider.badCredentials=\u8D26\u53F7\u6216\u5BC6\u7801\u9519\u8BEF</span><br><span class="line">Auth.usernameIsNull=\u8D26\u53F7\u4E0D\u80FD\u4E3A\u7A7A</span><br><span class="line">Auth.passwordIsNull=\u5BC6\u7801\u4E0D\u80FD\u4E3A\u7A7A</span><br></pre></td></tr></table></figure><p></p><p><code>AbstractUserDetailsAuthenticationProvider.badCredentials</code>定义了账户或密码不匹配时候的异常信息，<code>Auth.usernameIsNull</code>和A<code>uth.passwordIsNull</code>则是<code>MrbirdUsernamePasswordAuthenticationFilter</code>中抛出的异常。</p><h2 id="自定义限制页面"><a href="#自定义限制页面" class="headerlink" title="自定义限制页面"></a>自定义限制页面</h2><p>当页面因为用户权限不足而受限的时候，显示的是403 Access is Denied页面，我们可以自定义这个受限页面。</p><p>修改配置spring security.xml文件的<http>元素，添加自定义访问拒绝页面的地址：<figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">http</span> <span class="attr">auto-config</span>=<span class="string">"true"</span> <span class="attr">access-denied-page</span>=<span class="string">"/deny"</span> &gt;</span></span><br><span class="line">    ...</span><br><span class="line"><span class="tag">&lt;/<span class="name">http</span>&gt;</span></span><br></pre></td></tr></table></figure></http></p><p>在LoginController中添加：</p><figure class="highlight java"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">...</span><br><span class="line"><span class="meta">@RequestMapping</span>(value=<span class="string">"/deny"</span>)</span><br><span class="line"><span class="function"><span class="keyword">public</span> String <span class="title">deny</span><span class="params">()</span></span>&#123;</span><br><span class="line">    <span class="keyword">return</span> <span class="string">"deny"</span>;</span><br><span class="line">&#125;</span><br></pre></td></tr></table></figure><p></p><h2 id="deny-jsp"><a href="#deny-jsp" class="headerlink" title="deny.jsp"></a>deny.jsp</h2><figure class="highlight html"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br></pre></td><td class="code"><pre><span class="line"><span class="tag">&lt;<span class="name">%@</span> <span class="attr">taglib</span> <span class="attr">uri</span>=<span class="string">"http://java.sun.com/jsp/jstl/core"</span> <span class="attr">prefix</span>=<span class="string">"c"</span> %&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">html</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">head</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">meta</span> <span class="attr">http-equiv</span>=<span class="string">"Content-Type"</span> <span class="attr">content</span>=<span class="string">"text/html;charset=UTF-8"</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">title</span>&gt;</span>deny page<span class="tag">&lt;/<span class="name">title</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">link</span> <span class="attr">href</span>=<span class="string">"&lt;c:url value='/css/templatemo_style.css'/&gt;"</span> <span class="attr">rel</span>=<span class="string">"stylesheet"</span> <span class="attr">type</span>=<span class="string">"text/css"</span>&gt;</span>	</span><br><span class="line"><span class="tag">&lt;/<span class="name">head</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">body</span> <span class="attr">class</span>=<span class="string">"templatemo-bg-gray"</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">div</span> <span class="attr">class</span>=<span class="string">"index-div"</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">span</span> <span class="attr">class</span>=<span class="string">"index-text-deny"</span> <span class="attr">style</span>=<span class="string">'color:#C7425C;font-size:28px;'</span>&gt;</span></span><br><span class="line">            sorry,Insufficient authority +_+</span><br><span class="line">        <span class="tag">&lt;/<span class="name">span</span>&gt;</span><span class="tag">&lt;<span class="name">br</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;/<span class="name">div</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">body</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">html</span>&gt;</span></span><br></pre></td></tr></table></figure><h2 id="测试"><a href="#测试" class="headerlink" title="测试"></a>测试</h2><p>最终，工程的目录结构为：</p><p><img src="img/30421015-file_1488435913481_11db7.png" alt="30421015-file_1488435913481_11db7.png"></p><p>spring security.xml最终配置如下：</p><figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br><span class="line">25</span><br><span class="line">26</span><br><span class="line">27</span><br><span class="line">28</span><br><span class="line">29</span><br><span class="line">30</span><br><span class="line">31</span><br><span class="line">32</span><br><span class="line">33</span><br><span class="line">34</span><br><span class="line">35</span><br><span class="line">36</span><br><span class="line">37</span><br><span class="line">38</span><br><span class="line">39</span><br><span class="line">40</span><br><span class="line">41</span><br><span class="line">42</span><br><span class="line">43</span><br><span class="line">44</span><br><span class="line">45</span><br><span class="line">46</span><br><span class="line">47</span><br><span class="line">48</span><br><span class="line">49</span><br><span class="line">50</span><br><span class="line">51</span><br><span class="line">52</span><br><span class="line">53</span><br><span class="line">54</span><br><span class="line">55</span><br><span class="line">56</span><br><span class="line">57</span><br><span class="line">58</span><br><span class="line">59</span><br><span class="line">60</span><br><span class="line">61</span><br><span class="line">62</span><br><span class="line">63</span><br><span class="line">64</span><br><span class="line">65</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">&lt;?xml version="1.0" encoding="UTF-8"?&gt;</span></span><br><span class="line"><span class="tag">&lt;<span class="name">b:beans</span> <span class="attr">xmlns:b</span>=<span class="string">"http://www.springframework.org/schema/beans"</span></span></span><br><span class="line"><span class="tag">    <span class="attr">xmlns</span>=<span class="string">"http://www.springframework.org/schema/security"</span></span></span><br><span class="line"><span class="tag">    <span class="attr">xmlns:xsi</span>=<span class="string">"http://www.w3.org/2001/XMLSchema-instance"</span></span></span><br><span class="line"><span class="tag">    <span class="attr">xsi:schemaLocation</span>=<span class="string">"http://www.springframework.org/schema/beans </span></span></span><br><span class="line"><span class="tag"><span class="string">        http://www.springframework.org/schema/beans/spring-beans-4.3.xsd</span></span></span><br><span class="line"><span class="tag"><span class="string">        http://www.springframework.org/schema/security </span></span></span><br><span class="line"><span class="tag"><span class="string">        http://www.springframework.org/schema/security/spring-security-3.2.xsd"</span>&gt;</span></span><br><span class="line">    <span class="comment">&lt;!-- 设置免验证路径 --&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">http</span> <span class="attr">pattern</span>=<span class="string">"/**/*.css"</span> <span class="attr">security</span>=<span class="string">"none"</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">http</span> <span class="attr">pattern</span>=<span class="string">"/**/*.jpg"</span> <span class="attr">security</span>=<span class="string">"none"</span>/&gt;</span>  </span><br><span class="line">    <span class="tag">&lt;<span class="name">http</span> <span class="attr">pattern</span>=<span class="string">"/**/*.jpeg"</span> <span class="attr">security</span>=<span class="string">"none"</span>/&gt;</span> </span><br><span class="line">    <span class="tag">&lt;<span class="name">http</span> <span class="attr">pattern</span>=<span class="string">"/checkCode"</span> <span class="attr">security</span>=<span class="string">"none"</span>/&gt;</span> </span><br><span class="line">    <span class="tag">&lt;<span class="name">http</span> <span class="attr">auto-config</span>=<span class="string">"true"</span> <span class="attr">access-denied-page</span>=<span class="string">"/deny"</span> <span class="attr">use-expressions</span>=<span class="string">"true"</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">intercept-url</span> <span class="attr">pattern</span>=<span class="string">"/login"</span> <span class="attr">access</span>=<span class="string">"permitAll"</span> /&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">intercept-url</span> <span class="attr">pattern</span>=<span class="string">"/admin"</span> <span class="attr">access</span>=<span class="string">"hasRole('ROLE_ADMIN')"</span>/&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">intercept-url</span> <span class="attr">pattern</span>=<span class="string">"/**"</span> <span class="attr">access</span>=<span class="string">"hasRole('ROLE_USER')"</span>/&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">form-login</span> <span class="attr">login-page</span>=<span class="string">"/login"</span>/&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">custom-filter</span> <span class="attr">ref</span>=<span class="string">"loginfilter"</span> <span class="attr">before</span>=<span class="string">"FORM_LOGIN_FILTER"</span>  /&gt;</span> </span><br><span class="line">        <span class="tag">&lt;<span class="name">logout</span> <span class="attr">invalidate-session</span>=<span class="string">"true"</span>  <span class="attr">logout-url</span>=<span class="string">"/j_spring_security_logout"</span> </span></span><br><span class="line"><span class="tag">            <span class="attr">success-handler-ref</span>=<span class="string">"logoutSuccessHandler"</span>/&gt;</span> </span><br><span class="line">    <span class="tag">&lt;/<span class="name">http</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">b:bean</span> <span class="attr">id</span>=<span class="string">"loginfilter"</span> </span></span><br><span class="line"><span class="tag">	    <span class="attr">class</span>=<span class="string">"spring.security.web.MrbirdUsernamePasswordAuthenticationFilter"</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"filterProcessesUrl"</span> <span class="attr">value</span>=<span class="string">"/j_spring_security_check"</span>/&gt;</span> </span><br><span class="line">        <span class="comment">&lt;!-- 登入页面form mothed 必须是post --&gt;</span> </span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"postOnly"</span> <span class="attr">value</span>=<span class="string">"true"</span>/&gt;</span></span><br><span class="line">        <span class="comment">&lt;!-- 权限管理器 --&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"authenticationManager"</span> <span class="attr">ref</span>=<span class="string">"authenticationManager"</span> /&gt;</span> </span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"continueChainBeforeSuccessfulAuthentication"</span> <span class="attr">value</span>=<span class="string">"false"</span>/&gt;</span></span><br><span class="line">        <span class="comment">&lt;!-- 验证成功后的处理--&gt;</span>  </span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"authenticationSuccessHandler"</span> <span class="attr">ref</span>=<span class="string">"authenticationSuccessHandler"</span>/&gt;</span> </span><br><span class="line">        <span class="comment">&lt;!-- 验证失败后的处理--&gt;</span>  </span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"authenticationFailureHandler"</span> <span class="attr">ref</span>=<span class="string">"authenticationFailureHandler"</span>/&gt;</span> </span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"messageSource"</span> <span class="attr">ref</span>=<span class="string">"messageSource"</span>/&gt;</span> </span><br><span class="line">    <span class="tag">&lt;/<span class="name">b:bean</span>&gt;</span></span><br><span class="line">    <span class="comment">&lt;!-- 定义登录页面异常信息的本地化 --&gt;</span>  </span><br><span class="line">    <span class="tag">&lt;<span class="name">b:bean</span> <span class="attr">id</span>=<span class="string">"messageSource"</span>  </span></span><br><span class="line"><span class="tag">        <span class="attr">class</span>=<span class="string">"org.springframework.context.support.ReloadableResourceBundleMessageSource"</span>&gt;</span>  </span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"basename"</span> <span class="attr">value</span>=<span class="string">"classpath:messages_zh_CN"</span>/&gt;</span> </span><br><span class="line">    <span class="tag">&lt;/<span class="name">b:bean</span>&gt;</span></span><br><span class="line">    <span class="comment">&lt;!-- 登入信息验证失败后，退回到登入页面 --&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">b:bean</span> <span class="attr">id</span>=<span class="string">"authenticationFailureHandler"</span>  </span></span><br><span class="line"><span class="tag">        <span class="attr">class</span>=<span class="string">"org.springframework.security.web.authentication</span></span></span><br><span class="line"><span class="tag"><span class="string">            .SimpleUrlAuthenticationFailureHandler"</span>&gt;</span>  </span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"defaultFailureUrl"</span> <span class="attr">value</span>=<span class="string">"/login?error=true"</span>/&gt;</span>  </span><br><span class="line">    <span class="tag">&lt;/<span class="name">b:bean</span>&gt;</span> </span><br><span class="line">    <span class="comment">&lt;!-- 登入信息验证成功后，登入系统主页 --&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">b:bean</span> <span class="attr">id</span>=<span class="string">"authenticationSuccessHandler"</span></span></span><br><span class="line"><span class="tag">	    <span class="attr">class</span>=<span class="string">"spring.security.web.MrbirdLoginSuccessHandler"</span>&gt;</span>         </span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"defaultTargetUrl"</span> <span class="attr">value</span>=<span class="string">"/index"</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;/<span class="name">b:bean</span>&gt;</span>  </span><br><span class="line">     <span class="comment">&lt;!-- 登出成功，处理类 --&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">b:bean</span> <span class="attr">id</span>=<span class="string">"logoutSuccessHandler"</span>    </span></span><br><span class="line"><span class="tag">        <span class="attr">class</span>=<span class="string">"spring.security.web.MrbirdLogoutSuccessHandler"</span>&gt;</span>         </span><br><span class="line">        <span class="tag">&lt;<span class="name">b:property</span> <span class="attr">name</span>=<span class="string">"defaultTargetUrl"</span> <span class="attr">value</span>=<span class="string">"/login"</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;/<span class="name">b:bean</span>&gt;</span> </span><br><span class="line">    <span class="tag">&lt;<span class="name">user-service</span> <span class="attr">id</span>=<span class="string">"user_service"</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">user</span> <span class="attr">name</span>=<span class="string">"admin"</span> <span class="attr">password</span>=<span class="string">"123456"</span> <span class="attr">authorities</span>=<span class="string">"ROLE_USER,ROLE_ADMIN"</span>/&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">user</span> <span class="attr">name</span>=<span class="string">"user"</span> <span class="attr">password</span>=<span class="string">"123456"</span> <span class="attr">authorities</span>=<span class="string">"ROLE_USER"</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;/<span class="name">user-service</span>&gt;</span></span><br><span class="line">    <span class="tag">&lt;<span class="name">authentication-manager</span> <span class="attr">alias</span>=<span class="string">"authenticationManager"</span>&gt;</span></span><br><span class="line">        <span class="tag">&lt;<span class="name">authentication-provider</span> <span class="attr">user-service-ref</span>=<span class="string">"user_service"</span>/&gt;</span></span><br><span class="line">    <span class="tag">&lt;/<span class="name">authentication-manager</span>&gt;</span></span><br><span class="line"><span class="tag">&lt;/<span class="name">b:beans</span>&gt;</span></span><br></pre></td></tr></table></figure><p></p><p>启动工程，访问：<a href="http://localhost:8080/spring-security/login" target="_blank" rel="noopener">http://localhost:8080/spring-security/login</a></p><p><img src="img/47298958-file_1487996693373_ac23.png" alt="47298958-file_1487996693373_ac23.png"></p><p>当登录失败时，页面如下：</p><p><img src="img/41595291-file_1487996714125_5670.png" alt="41595291-file_1487996714125_5670.png"></p><p>admin成功登录后：</p><p><img src="img/74906915-file_1487996735917_4f76.png" alt="74906915-file_1487996735917_4f76.png"></p><p>控制台输出：</p><figure class="highlight xml"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">登录成功！</span><br><span class="line">admin[ROLE_ADMIN, ROLE_USER]</span><br></pre></td></tr></table></figure><p></p><p>点击admin.jsp：</p><p><img src="img/49887609-file_1487996760103_2fc7.png" alt="49887609-file_1487996760103_2fc7.png"></p><p>点击logout回到登录页面，使用user登录：</p><p><img src="img/87434140-file_1487996785624_ce45.png" alt="87434140-file_1487996785624_ce45.png"></p><p>点击admin.jsp：</p><p><img src="img/98435752-file_1487996804588_a6ef.png" alt="98435752-file_1487996804588_a6ef.png"></p><p>访问受限。</p><blockquote><p><a href="https://drive.google.com/open?id=15ONAkSZIHB6hT00NSEBrkvAQtVeTxTG2" target="_blank" rel="noopener">source code</a></p></blockquote><script>$(".post-body a").not(".thispage").addClass("ignore-href").attr("target","_blank")</script></div><div></div><div><div style="padding:10px 0;margin:20px auto;width:90%;text-align:center;color:#878787"><div>请作者喝瓶肥宅水~</div><button id="rewardButton" style="margin-top:10px" disable="enable" onclick='var e=document.getElementById("QR");"none"===e.style.display?e.style.display="block":e.style.display="none"'><span style="height:46px;width:46px;line-height:46px;border-radius:50%;color:#fe5f55;font-weight:600;background:#ffd5be;border:none;box-shadow:0 4px 8px 0 rgba(255,213,190,.4)">￥</span></button><div id="QR" style="display:none"><div id="wechat" style="display:inline-block"><img id="wechat_qr" src="/img/wechat_pay.png" alt="MrBird WeChat Pay"></div><div id="alipay" style="display:inline-block"><img id="alipay_qr" src="/img/ali_pay.png" alt="MrBird Alipay"></div></div></div><style>#QR img{width:auto;margin:.8em 1em 0 1em}</style></div><div><ul class="post-copyright"><li class="post-copyright-author"><strong>本文作者：</strong> MrBird</li><li class="post-copyright-link"><strong>本文链接：</strong> <a href="http://mrbird.cc/自定义Spring-Security登录页.html" title="自定义Spring Security登录页">http://mrbird.cc/自定义Spring-Security登录页.html</a></li><li class="post-copyright-license"><strong>版权声明： </strong>本博客所有文章除特别声明外，均采用 <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/" rel="external nofollow" target="_blank">CC BY-NC-SA 4.0</a> 许可协议。转载请注明出处！</li></ul></div><footer class="post-footer"><div class="post-tags" style="margin-bottom:1.3rem"><a href="/tags/Spring/" rel="tag"># Spring</a> <a href="/tags/Spring-Security/" rel="tag"># Spring Security</a></div><div class="post-nav"><div class="post-nav-next post-nav-item"><a href="/Carrying-data-across-redirect-requests.html" rel="next" title="Carrying data across redirect requests"><i class="fa fa-chevron-left"></i> Carrying data across redirect requests</a></div><span class="post-nav-divider"></span><div class="post-nav-prev post-nav-item"><a href="/基于数据库用户认证.html" rel="prev" title="基于数据库用户认证">基于数据库用户认证 <i class="fa fa-chevron-right"></i></a></div></div></footer></article><hr><div id="container"></div><div class="post-spread"><div id="comment-div"></div><style>.valine .vlist{margin-bottom:3rem}.valine .vwrap .vcontrol .col.col-60{text-align:left}.valine .vlist .vcard .vhead,.valine .vlist .vcard section .vfooter{text-align:left}.valine .vlist .vcard section{padding-bottom:.5rem!important}.vname{color:#42b983!important}.valine .vinfo .col{text-align:left;margin-left:-27rem}div#comment-div{margin-bottom:-8rem}.valine .vlist .vcard .vcontent .code,.valine .vlist .vcard .vcontent code,.valine .vlist .vcard .vcontent pre{background:#fbfbfb}.valine .vlist .vcard .vcontent a{color:#42b983}.valine .vlist .vcard .vimg{border-radius:3px}.valine .vbtn{border-radius:2px;padding:.3rem 1.25rem}.valine .vbtn:active,.valine .vbtn:hover{color:#42b983;border-color:#42b983;background-color:#fff}.valine .vwrap .vheader .vinput:focus{border-bottom-color:#42b983}.valine .vlist .vcard .vcontent.expand:before{background:-webkit-gradient(linear,left top,left bottom,from(hsla(0,0%,100%,0)),to(hsla(0,0%,100%,.2)));background:linear-gradient(180deg,hsla(0,0%,100%,0),hsla(0,0%,100%,.2))}.valine .vlist .vcard .vcontent.expand:after{content:"点击展开";font-size:.4rem;text-align:right;left:-1rem;background:hsla(0,0%,100%,.2)}.valine .vlist .vcard section .vfooter .vat{color:#b3b3b3}.valine .vlist .vcard section .vfooter .vat:hover{color:#42b983}.vcontent img{margin:0}.valine .info{display:none}</style><script type="text/javascript" src="/js/av.min.js"></script><script type="text/javascript" src="/js/Valine.min.js"></script><script type="text/javascript" src="/js/activate-power-mode.js"></script><script>POWERMODE.colorful=!0,POWERMODE.shake=!1,document.body.addEventListener("input",POWERMODE),new Valine({el:"#comment-div",notify:!1,verify:!0,appId:"SMcDFP1bN1jgb9Lo8JmtICHm-gzGzoHsz",appKey:"dH4nrUrt3V5XiJiI6Qyejnbi",placeholder:"",path:window.location.pathname,avatar:"monsterid",guest_info:["nick","mail","link"]});var chicken='<a href="#"><img src="https://image.uisdc.com/wp-content/uploads/2018/06/uisdc-chat-chicken.gif" class="checken"></a>';$("#comment-div").prepend(chicken)</script></div></div><script>var $bqinline=$("img[alt='bq-inline']");$bqinline.css({width:"2.3rem",height:"2.3rem",display:"inline","vertical-align":"text-bottom"})</script></div><div class="comments" id="comments"></div></div><aside id="sidebar" class="sidebar" onselectstart="return!1"><div class="sidebar-inner"><ul class="sidebar-nav motion-element"><li class="sidebar-nav-toc sidebar-nav-active" data-target="post-toc-wrap">Contents</li><li class="sidebar-nav-overview" data-target="site-overview">Site Preview</li></ul><section class="site-overview sidebar-panel"><div class="sidebar-sticky sticky"><div itemscope itemtype="http://schema.org/Person"><div class="author__avatar"><img src="/images/blogImage.jpg" class="author__avatar" alt="MrBird" itemprop="image"></div><div class="author__content"><h3 class="author__name" itemprop="name">MrBird's Blog</h3><p class="author__bio" itemprop="description">A simple blog, code repository, just keep blogging</p></div><div class="author__urls-wrapper"><button class="btn btn--inverse">Follow</button><ul class="author__urls social-icons"><li><a href="http://map.baidu.com/?newmap=1&s=s%26wd%3D%E7%A6%8F%E5%B7%9E%E5%B8%82%26c%3D300&from=alamap&tpl=mapcity" target="_blank" itemprop="url" class="ignore-href"><i class="fa fa-fw fa-map-marker" aria-hidden="true"></i>&nbsp;&nbsp;FuZhou,CN</a></li><li><a href="https://love.mrbird.cc" target="_blank" itemprop="url" class="ignore-href"><i class="fa fa-fw fa-diamond" aria-hidden="true"></i>&nbsp;&nbsp;Love</a></li><li><a href="https://cloud.mrbird.cn" target="_blank" itemprop="url" class="ignore-href"><i class="fa fa-fw fa-chain" aria-hidden="true"></i>&nbsp;&nbsp;FEBS</a></li><li><a href="/atom.xml" target="_blank" itemprop="url" class="ignore-href"><i class="fa fa-fw fa-rss" aria-hidden="true"></i>&nbsp;&nbsp;RSS</a></li><li><a href="https://gitee.com/mrbirdd" target="_blank" itemprop="sameAs" class="ignore-href"><i class="fa fa-fw fa-codepen" aria-hidden="true"></i>&nbsp;&nbsp;Gitee</a></li><li><a href="https://github.com/wuyouzhuguli" target="_blank" itemprop="sameAs" class="ignore-href"><i class="fa fa-fw fa-github-alt" aria-hidden="true"></i>&nbsp;&nbsp;GitHub</a></li><li><a href="javascript:;" class="popup-trigger"><i class="fa fa-fw fa-search" aria-hidden="true"></i>&nbsp;&nbsp;Search</a></li></ul></div></div></div><script>var $urls=$(".author__urls").find("a");$urls.each(function(){var o=$(this);o.mouseenter(function(){o.css({color:"#414547"})}),o.mouseleave(function(){o.css({color:""})})})</script></section><section class="post-toc-wrap motion-element sidebar-panel sidebar-panel-active"><div class="post-toc"><div class="post-toc-content"><ol class="nav"><li class="nav-item nav-level-2"><a class="nav-link" href="#准备工作"><span class="nav-number">1.</span> <span class="nav-text">准备工作</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#启用SpEL"><span class="nav-number">2.</span> <span class="nav-text">启用SpEL</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#自定义登录页"><span class="nav-number">3.</span> <span class="nav-text">自定义登录页</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#处理登录"><span class="nav-number">4.</span> <span class="nav-text">处理登录</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#处理登出"><span class="nav-number">5.</span> <span class="nav-text">处理登出</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#异常信息本地化"><span class="nav-number">6.</span> <span class="nav-text">异常信息本地化</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#自定义限制页面"><span class="nav-number">7.</span> <span class="nav-text">自定义限制页面</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#deny-jsp"><span class="nav-number">8.</span> <span class="nav-text">deny.jsp</span></a></li><li class="nav-item nav-level-2"><a class="nav-link" href="#测试"><span class="nav-number">9.</span> <span class="nav-text">测试</span></a></li></ol></div></div></section></div></aside></div></main><footer id="footer" class="footer" onselectstart="return!1"><div class="footer-inner"><div class="copyright">&copy; 2016 - <span itemprop="copyrightYear">2019</span>&nbsp;&nbsp; <span class="author" itemprop="copyrightHolder">MrBird</span>&nbsp;&nbsp;|<script async src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js"></script>&nbsp;&nbsp;UV&nbsp;<span class="busuanzi-value" id="busuanzi_value_site_uv" style="cursor:pointer" title="统计开始时间：2019年7月5日"></span> &nbsp;&nbsp;PV&nbsp;<span class="busuanzi-value" id="busuanzi_value_site_pv" style="cursor:pointer" title="统计开始时间：2019年7月5日"></span></div></div></footer><div class="back-to-top"><span style="font-family:'Source Sans Pro','Helvetica Neue',Arial,sans-serif;font-size:1.2em;font-weight:600">TOP</span></div></div><script type="text/javascript">"[object Function]"!==Object.prototype.toString.call(window.Promise)&&(window.Promise=null)</script><script type="text/javascript" src="/lib/jquery/index.js?v=2.1.3"></script><script type="text/javascript" src="/lib/fastclick/lib/fastclick.min.js?v=1.0.6"></script><script type="text/javascript" src="/lib/jquery_lazyload/jquery.lazyload.js?v=1.9.7"></script><script type="text/javascript" src="/lib/velocity/velocity.min.js?v=1.2.1"></script><script type="text/javascript" src="/lib/velocity/velocity.ui.min.js?v=1.2.1"></script><script type="text/javascript" src="/js/src/utils.js?v=5.1.1"></script><script type="text/javascript" src="/js/src/motion.js?v=5.1.1"></script><script type="text/javascript" src="/js/src/scrollspy.js?v=5.1.1"></script><script type="text/javascript" src="/js/src/post-details.js?v=5.1.1"></script><script type="text/javascript" src="/js/src/bootstrap.js?v=5.1.1"></script><script type="text/javascript">function proceedsearch(){$("body").append('<div class="search-popup-overlay local-search-pop-overlay"></div>').css("overflow","hidden"),$(".search-popup-overlay").click(onPopupClose),$(".popup").toggle();var t=$("#local-search-input");t.attr("autocapitalize","none"),t.attr("autocorrect","off"),t.focus()}var isfetched=!1,isXml=!0,search_path="search.xml";0===search_path.length?search_path="search.xml":search_path.endsWith("json")&&(isXml=!1);var path="/"+search_path,onPopupClose=function(t){$(".popup").hide(),$("#local-search-input").val(""),$(".search-result-list").remove(),$("#no-result").remove(),$(".local-search-pop-overlay").remove(),$("body").css("overflow","")},searchFunc=function(t,e,o){"use strict";$("body").append('<div class="search-popup-overlay local-search-pop-overlay"><div id="search-loading-icon"><i class="fa fa-spinner fa-pulse fa-2x fa-fw"></i></div></div>').css("overflow","hidden"),$("#search-loading-icon").css("margin","20% auto 0 auto").css("text-align","center"),$.ajax({url:t,dataType:isXml?"xml":"json",async:!0,success:function(t){isfetched=!0,$(".popup").detach().appendTo(".header-inner");var n=isXml?$("entry",t).map(function(){return{title:$("title",this).text(),content:$("content",this).text(),url:$("url",this).text()}}).get():t,r=document.getElementById(e),s=document.getElementById(o),a=function(){var t=r.value.trim().toLowerCase(),e=t.split(/[\s\-]+/);e.length>1&&e.push(t);var o=[];if(t.length>0&&n.forEach(function(n){function r(e,o,n,r){for(var s=r[r.length-1],a=s.position,i=s.word,l=[],h=0;a+i.length<=n&&0!=r.length;){i===t&&h++,l.push({position:a,length:i.length});var p=a+i.length;for(r.pop();0!=r.length&&(s=r[r.length-1],a=s.position,i=s.word,p>a);)r.pop()}return c+=h,{hits:l,start:o,end:n,searchTextCount:h}}function s(t,e){var o="",n=e.start;return e.hits.forEach(function(e){o+=t.substring(n,e.position);var r=e.position+e.length;o+='<b class="search-keyword">'+t.substring(e.position,r)+"</b>",n=r}),o+=t.substring(n,e.end)}var a=!1,i=0,c=0,l=n.title.trim(),h=l.toLowerCase(),p=n.content.trim().replace(/<[^>]+>/g,""),u=p.toLowerCase(),f=decodeURIComponent(n.url),d=[],g=[];if(""!=l&&(e.forEach(function(t){function e(t,e,o){var n=t.length;if(0===n)return[];var r=0,s=[],a=[];for(o||(e=e.toLowerCase(),t=t.toLowerCase());(s=e.indexOf(t,r))>-1;)a.push({position:s,word:t}),r=s+n;return a}d=d.concat(e(t,h,!1)),g=g.concat(e(t,u,!1))}),(d.length>0||g.length>0)&&(a=!0,i=d.length+g.length)),a){[d,g].forEach(function(t){t.sort(function(t,e){return e.position!==t.position?e.position-t.position:t.word.length-e.word.length})});var v=[];0!=d.length&&v.push(r(l,0,l.length,d));for(var C=[];0!=g.length;){var $=g[g.length-1],m=$.position,x=$.word,w=m-20,y=m+80;w<0&&(w=0),y<m+x.length&&(y=m+x.length),y>p.length&&(y=p.length),C.push(r(p,w,y,g))}C.sort(function(t,e){return t.searchTextCount!==e.searchTextCount?e.searchTextCount-t.searchTextCount:t.hits.length!==e.hits.length?e.hits.length-t.hits.length:t.start-e.start});var T=parseInt("1");T>=0&&(C=C.slice(0,T));var b="";b+=0!=v.length?"<li><a href='"+f+"' class='search-result-title'>"+s(l,v[0])+"</a>":"<li><a href='"+f+"' class='search-result-title'>"+l+"</a>",C.forEach(function(t){b+="<a href='"+f+'\'><p class="search-result">'+s(p,t)+"...</p></a>"}),b+="</li>",o.push({item:b,searchTextCount:c,hitCount:i,id:o.length})}}),1===e.length&&""===e[0])s.innerHTML='<div id="no-result"><i class="fa fa-search fa-5x" /></div>';else if(0===o.length)s.innerHTML='<div id="no-result"><i class="fa fa-frown-o fa-5x" /></div>';else{o.sort(function(t,e){return t.searchTextCount!==e.searchTextCount?e.searchTextCount-t.searchTextCount:t.hitCount!==e.hitCount?e.hitCount-t.hitCount:e.id-t.id});var a='<ul class="search-result-list">';o.forEach(function(t){a+=t.item}),a+="</ul>",s.innerHTML=a}};r.addEventListener("input",a),$(".local-search-pop-overlay").remove(),$("body").css("overflow",""),proceedsearch()}})};$(".popup-trigger").click(function(t){t.stopPropagation(),isfetched===!1?searchFunc(path,"local-search-input","local-search-result"):proceedsearch()}),$(".popup-btn-close").click(onPopupClose),$(".popup").click(function(t){t.stopPropagation()}),$(document).on("keyup",function(t){var e=27===t.which&&$(".search-popup").is(":visible");e&&onPopupClose()})</script></body><script>$(function(){$("a").not(".nav-link,.cloud-tie-join-count,.ignore-href,.jstree-anchor").addClass("animsition-link")});var burst1=new mojs.Burst({left:0,top:0,radius:{5:40},children:{shape:"circle",fill:["red","cyan","orange"],fillOpacity:.8,radiusX:3.5,radiusY:3.5}});document.addEventListener("click",function(a){null==a.target.href&&"footer"!=a.target.className&&"copyright"!=a.target.className&&"author__urls social-icons"!=a.target.className&&"author__avatar"!=a.target.className&&"sidebar sidebar-active"!=a.target.className&&burst1.tune({x:a.pageX,y:a.pageY}).generate().replay()})</script><script type="text/javascript" src="/js/message.js"></script></html><!-- rebuild by neat -->